AVG-837

Package libarchive
Status Vulnerable
Severity High
Type multiple issues
Affected 3.3.3-1
Fixed 3.3.3-2
Current 3.3.3-1 [core]
Ticket Create
Created Sun Jan 6 15:06:08 2019
Issue Severity Remote Type Description
CVE-2019-1000020 Medium No Denial of service
ibarchive version >=v2.8.0 contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser,...
CVE-2019-1000019 High No Information disclosure
libarchive version >=v3.0.2 contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archive_read_support_format_7zip.c, header_bytes()...
CVE-2018-1000880 High No Denial of service
A resource consumption issue has been found in libarchive >= 3.2.0 and <=3.3.3, in the _warc_read() function in archive_read_support_format_warm.c. An...
CVE-2018-1000879 Low No Denial of service
A NULL-pointer dereference issue has been found in libarchive >= 3.3.0 and <=3.3.3, in the archive_acl_from_text_l() function in archive_acl.c. An attacker...
CVE-2018-1000878 High No Arbitrary code execution
A use-after-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the archive_read_format_rar_read_header() function in...
CVE-2018-1000877 High No Arbitrary code execution
A double-free issue has been found in libarchive >= 3.1.0 and <=3.3.3, in the parse_codes() function in archive_read_support_format_rar.c. An attacker can...
References
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
https://github.com/libarchive/libarchive/pull/1105
https://github.com/libarchive/libarchive/pull/1120